From: Andrew Parker <andrew.j.c.parker@gmail.com>
Date: Sun, 15 Dec 2019 22:31:32 +0800
Subject: Re: Thoughts on protecting against PATH interception via user owned profiles
To: Roman Perepelitsa
Cc: Zsh Users
List-Id: Zsh Users List

Oh man. Back at keyboard now. I see this is nothing zsh specific. The solution was right in front of me all the time. Just exit 1 from /etc/profile will work in bash. Guess my brain was thinking about subshells rather than sourcing :facepalm: Good to rubber duck sometimes.
I could have solved my problems all along :) Thanks

On Sun, Dec 15, 2019 at 4:41 PM Roman Perepelitsa <roman.perepelitsa@gmail.com> wrote:
> On Sun, Dec 15, 2019 at 7:29 AM Andrew Parker wrote:
> > My question is whether zsh (and other shells) would ever be interested in
> > implementing a solution to this. My suggestion would be something like the
> > following (although there may be better alternatives):
> >
> > * zsh uses a config file in e.g. /etc directory which must be owned and
> >   only writable by root
> > * The config can be used to enable "protected profiles"
> > * Once protected profiles are enabled, only profiles which are owned and
> >   only writable by root can be sourced on startup
>
> You can do this by creating /etc/zshenv (owned by root) with the
> following content (untested):
>
> [[ -o no_rcs ]] && return
>
> () {
>   emulate -L zsh -o extended_glob
>   local file files=(zshenv)
>   [[ -o login ]] && files+=(zprofile zlogin zlogout)
>   [[ -o interactive ]] && files+=(zshrc)
>   for file in ${ZDOTDIR:-~}/.$^files; do
>     # Skip files that do not exist, and keep those that pass the glob
>     # qualifiers: owned by uid 0 (u0) and gid 0 (g0), not world-writable (^W);
>     # N makes a non-match expand to nothing instead of an error.
>     [[ ! -f $file || -n $file(#qNu0g0^W) ]] && continue
>     # Either not owned by root:root or world writable.
>     echo -E - "skipping zsh user rcs because ${(q)file} is tainted" >&2
>     return 1 # alternatively: exit 1
>   done
> } || setopt no_rcs
> # no_rcs has to be set outside the function: emulate -L makes option changes
> # local to the function, so a setopt inside it would be undone on return.
>
> This checks whether any of the user rc files are tainted (either not
> owned by root:root or world-writable) and unsets the rc option if so. This
> will prevent zsh from sourcing rc files from the user's home
> directory. You can take some other action there if you like, such as
> exiting the shell.
>
> Roman.
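The same check for bash, as an added example that is not part of the thread (it is neither Andrew's nor Roman's code): two POSIX-sh functions meant to be sourced from /etc/profile, where, as Andrew notes, the only way to keep bash from going on to read the user's own profile is to end the session with exit 1, because bash has no runtime counterpart to zsh's no_rcs. The function names, the owner-uid parameter (there so the check can be exercised without root) and the file list in the usage comment are assumptions of this example; the list is the login-shell set from the bash manual (the first existing one of ~/.bash_profile, ~/.bash_login, ~/.profile) plus ~/.bashrc for interactive shells. It is deliberately a little stricter than the zsh version: symlinked rc files are rejected outright, since zsh's glob qualifiers test the link itself unless the `-` qualifier is added and a root-owned link to a user-writable target would otherwise pass, and group-writable files are rejected along with world-writable ones.

```shell
#!/bin/sh
# Added example for the thread above; not code from Andrew or Roman.
# Intended to be sourced from /etc/profile by a bash login shell. The names
# rc_file_trusted / check_user_rcs and the owner-uid parameter are assumptions.

# rc_file_trusted FILE OWNER_UID
# 0 when FILE is a regular file, not a symlink, owned by OWNER_UID (default 0)
# and writable by neither group nor others; 1 otherwise.
rc_file_trusted() {
    local f owner out
    f=$1
    owner=${2:-0}
    # Reject symlinks outright: a root-owned link can point at a user-writable
    # target, which is exactly the bypass this check exists to stop.
    [ -h "$f" ] && return 1
    [ -f "$f" ] || return 1
    # -prune stops find from descending; the predicates apply to FILE itself.
    # -user accepts a numeric uid; -perm -020 / -002 test the group/other write
    # bits. The path is printed only if every predicate holds.
    out=$(find "$f" -prune -user "$owner" ! -perm -020 ! -perm -002 -print 2>/dev/null)
    [ -n "$out" ]
}

# check_user_rcs HOME_DIR OWNER_UID NAME...
# 0 when every NAME that exists under HOME_DIR passes rc_file_trusted;
# 1 at the first tainted file, which is reported on stderr. Files that do
# not exist are skipped, as in the zsh version.
check_user_rcs() {
    local home owner name f
    home=$1
    owner=$2
    shift 2
    for name in "$@"; do
        f="$home/$name"
        [ -f "$f" ] || continue
        if ! rc_file_trusted "$f" "$owner"; then
            printf 'skipping user rc files: %s is not owned by uid %s or is writable by group/others\n' "$f" "$owner" >&2
            return 1
        fi
    done
    return 0
}

# Deployment line for /etc/profile (left commented so this file runs stand-alone):
#   check_user_rcs "$HOME" 0 .bash_profile .bash_login .profile .bashrc || exit 1

# Stand-alone demo on a constructed, attacker-style .profile in a scratch dir.
demo() {
    local d
    d=$(mktemp -d) || return 1
    # Constructed sample, not a real finding: a PATH hijack in a world-writable
    # profile owned by the current user.
    printf 'export PATH=/tmp/evil:$PATH\n' > "$d/.profile"
    chmod 666 "$d/.profile"
    if check_user_rcs "$d" "$(id -u)" .profile 2>/dev/null; then
        echo "demo: $d/.profile accepted"
    else
        echo "demo: $d/.profile rejected (writable by others)"
    fi
    rm -rf "$d"
}
demo
```

In a real /etc/profile the demo is dropped and the commented deployment line is used as-is; with OWNER_UID 0 a user-owned ~/.profile is refused even when its mode is 644, which is the whole point of Andrew's "protected profiles" idea.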